Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
02/10/2024, 20:25
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.jotform.com/assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE=
Resource
win10v2004-20240802-en
General
-
Target
https://www.jotform.com/assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE=
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2168 msedge.exe 2168 msedge.exe 1500 msedge.exe 1500 msedge.exe 1884 identity_helper.exe 1884 identity_helper.exe 4380 msedge.exe 4380 msedge.exe 4380 msedge.exe 4380 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe 1500 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1500 wrote to memory of 4328 1500 msedge.exe 82 PID 1500 wrote to memory of 4328 1500 msedge.exe 82 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 4796 1500 msedge.exe 83 PID 1500 wrote to memory of 2168 1500 msedge.exe 84 PID 1500 wrote to memory of 2168 1500 msedge.exe 84 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85 PID 1500 wrote to memory of 2952 1500 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.jotform.com/assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE=1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7fff5b8946f8,0x7fff5b894708,0x7fff5b8947182⤵PID:4328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:22⤵PID:4796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:82⤵PID:2952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵PID:2280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵PID:2376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:82⤵PID:4916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:12⤵PID:3420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:12⤵PID:4220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵PID:2792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵PID:1856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3828 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4380
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2308
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3376
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59e3fc58a8fb86c93d19e1500b873ef6f
SHA1c6aae5f4e26f5570db5e14bba8d5061867a33b56
SHA256828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4
SHA512e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e
-
Filesize
152B
MD527304926d60324abe74d7a4b571c35ea
SHA178b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
SHA2567039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
SHA512f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize216B
MD55c057a19c4f34bacd0bb70f31203221e
SHA1a5d217064c9d9b3370b54dbd85854dbac4175d49
SHA256ae5cd395bc97aef53dc5cbcff177c69835d1ac0a8058023d22cec2827fd1b3ee
SHA5127f803134ca90fc282e2bc12d02ec8b5aeeb4dfe0916dad5c3007db543103c5ffd9f0508ee5a69f9cbd9b2b4ef9191dd50cbbea5805da9f9b9bafd8692fecb380
-
Filesize
603B
MD543ca8ef38000b9e976ee5649541bbc16
SHA1b2601716f88b1a996d1032a0261052898e8498a6
SHA256dd7f93116e2dc9c99ded879a44371d6ba2012e6e1ead61c30a44431be7f10571
SHA51241cc28e1745f0cc78b8e6fd93877e3f253fc131bd50a1147032227646b762d67b1bcf07f9d3d3ee9ada729882aa38e0f9b1182351ad9e825bbd9a16629649318
-
Filesize
5KB
MD52644976d20f09d192a0c7c351c8e3de9
SHA1dbaa3dd55ee434f2f84293ebe87f278a131e55e8
SHA2561addec06bb7dd267de5d71761bf10087f1d17640b57b30f16596b796c5ef4aea
SHA51237cccf3c52ce2f46568cc0c5822d6648ea732ef2017fcc19562abc584e42735960af893fa4a7f6aec38f796dfcd845ac1f84e9d9ae3ad5276b6f2a753a901d5f
-
Filesize
6KB
MD5a22f5c28a13fe3251e4a142b172508c2
SHA12459943c37fdc47c323cdaed6ea8d7b380157043
SHA256a5f7a1bff5eb206737aa8ee84ec473d434253d05b8cf283e505c94681a66f327
SHA5123783ca9af7d2200e23aa95596f188f804c561c71c8be69b82b72c889c190957796fb630dc81746ffc3c4bbe84c74c567ccd8e9ccfabd7c196027b0edb34d3ec7
-
Filesize
538B
MD536b69cb968d878078f58a4334c7f82cc
SHA183d3b702358d83225ae8c72b184e62859824f62d
SHA256bbbd4f1d46a717589d53b8fd74ece1b8abee630ed3a7117606317508c903763a
SHA51246d9736ae5ce92efb49abab378b26ed2a9641460a35742fae6580e7efc11c60cf57e08d99df8c59b4cb126d36eef13e9353353695181d96ba2002405fe1e0144
-
Filesize
538B
MD51232d3497407e5bb8a4272ce51289383
SHA1330e66c2a74f7dfb465750e91d77d0f465999c36
SHA256a2400aaad5c0f07ac06558d7ad3b5dba3bb0fafb16d6b39af27ec2e83d59f70d
SHA512790df0e4ae5e475ea26baae09e3280dba532f97c279e1ba6d97b84c251c1d81a85b76de8463f0424699fb2ff495ce7d36d59629f504c80c942f49822f966bfc8
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD5fbb03c82e01692a045d19a92e4c27e8f
SHA105c571b3e7c5427c832f6d9355d1e8565183a137
SHA256c80fd9718f72e4895d56a10ba6df60e359c807c4d38ec6f91904c72e164c6b1d
SHA512d6dcf0df13dd658b392d2b0db9f5bedff212f236ae6c9ce57c852064c51c4a087d8883d849f2fa07b31f40105779606fe2dfe54947b2b64f61fc38b16421299a